Viewing Issue Advanced Details
Jump to Notes ]
act/victor9k.cpp
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
08503 Misc. Critical (emulator) Always Nov 4, 2022, 14:19 Dec 23, 2024, 13:33
Tester Firewave View Status Public Platform MAME (Self-compiled)
Assigned To Resolution Open OS Linux (64-bit)
Status [?] Acknowledged Driver
act/victor9k.cpp
Version 0.249 Fixed in Version Build 64-bit
Fixed in Git Commit Github Pull Request #
Summary 08503: victor9k: AddressSanitizer: heap-buffer-overflow
Description 
==25351==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f9565481800 at pc 0x7f95c0a4c45f bp 0x7ffff5cda0f0 sp 0x7ffff5cda0e8
WRITE of size 1 at 0x7f9565481800 thread T0
    #0 0x7f95c0a4c45e in handler_entry_write_memory<0, 0>::write(unsigned int, unsigned char, unsigned char) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hem.cpp:54:65
    #1 0x7f95ad5caa58 in void dispatch_write<0, 0, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<0>::uX, emu::detail::handler_entry_size<0>::uX, handler_entry_write<0, 0> const* const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47
    #2 0x7f95bee79f31 in handler_entry_write_dispatch<14, 0, 0>::write(unsigned int, unsigned char, unsigned char) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:131:2
    #3 0x7f95a252a95b in void dispatch_write<1, 0, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<0>::uX, emu::detail::handler_entry_size<0>::uX, handler_entry_write<0, 0> const* const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47
    #4 0x7f95bb0e9495 in address_space_specific<1, 0, 0, (util::endianness)0>::write_native(unsigned int, unsigned char, unsigned char) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:445:3
    #5 0x7f95bb0eb7f5 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:455:90
    #6 0x7f95bb0eb7f5 in void memory_write_generic<0, 0, (util::endianness)0, 1, false, address_space_specific<1, 0, 0, (util::endianness)0>::wop()::'lambda'(unsigned int, unsigned char, unsigned char)>(address_space_specific<1, 0, 0, (util::endianness)0>::wop()::'lambda'(unsigned int, unsigned char, unsigned char), unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:983:22
    #7 0x7f95bb0c75d5 in address_space_specific<1, 0, 0, (util::endianness)0>::write_word_unaligned(unsigned int, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:475:65
    #8 0x7f95b202c792 in i8086_cpu_device::write_word(unsigned int, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp:176:26
    #9 0x7f95b206fde5 in i8086_common_cpu_device::PutMemW(int, unsigned short, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86inline.h:406:2
    #10 0x7f95b207204b in i8086_common_cpu_device::i_stosw() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86inline.h:595:2
    #11 0x7f95b2056d6c in i8086_common_cpu_device::common_op(unsigned char) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp:2215:44
    #12 0x7f95b202e69f in i8086_cpu_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp:329:9
    #13 0x7f95b20309df in non-virtual thunk to i8086_cpu_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp
    #14 0x7f95c16dd817 in run /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:190:15
    #15 0x7f95c16dd817 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14
    #16 0x7f95c15764a7 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #17 0x7f95c46dcf7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #18 0x7f95c48d18d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #19 0x7f95c48d541f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #20 0x7f95c46e1d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #21 0x7f95c18b858b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #22 0x7f957fdb9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #23 0x7f957fdb92bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #24 0x7f959f042260 in _start (/mnt/s/GitHub/mame/mame+0x1d397260) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)

0x7f9565481800 is located 0 bytes to the right of 131072-byte region [0x7f9565461800,0x7f9565481800)
allocated by thread T0 here:
    #0 0x7f959f0fff8d in operator new[](unsigned long) (/mnt/s/GitHub/mame/mame+0x1d454f8d) (BuildId: 603d3d1c300651feb2a8e3ac6e9cb58d3f85e77b)
    #1 0x7f95b6f1b497 in make_unique<unsigned char[]> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:1080:30
    #2 0x7f95b6f1b497 in ram_device::device_start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/ram.cpp:174:14
    #3 0x7f95bad52410 in device_t::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.cpp:562:2
    #4 0x7f95c15752df in running_machine::start_all_devices() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:1013:13
    #5 0x7f95c15732b4 in running_machine::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:211:2
    #6 0x7f95c15760dc in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:281:3
    #7 0x7f95c46dcf7f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #8 0x7f95c48d18d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #9 0x7f95c48d541f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #10 0x7f95c46e1d5f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #11 0x7f95c18b858b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #12 0x7f957fdb9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hem.cpp:54:65 in handler_entry_write_memory<0, 0>::write(unsigned int, unsigned char, unsigned char) const
Shadow bytes around the buggy address:
  0x0ff32ca882b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32ca882c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32ca882d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32ca882e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff32ca882f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff32ca88300:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff32ca88310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff32ca88320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff32ca88330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff32ca88340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff32ca88350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Steps To Reproduce
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems victor9k
Attached Files
txt file icon victor9k.valgrind.txt (54,505 bytes) Nov 22, 2022, 23:50 Uploaded by Firewave
valgrind output
[Show Content]
Relationships
There are no relationship linked to this issue.
Notes
2
User avatar
No.20857
Firewave
Senior Tester
Nov 22, 2022, 23:51
 There's a few uninitialized memory warnings with valgrind (also the actual out-of-bounds access). The log is attached.

They are probably not the cause of this though.
User avatar
No.22680
Firewave
Senior Tester
Dec 23, 2024, 13:33
 Running 0.272 on Linux:
==7366==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7275d1a36800 at pc 0x5f667eb9a70d bp 0x7ffe2755e370 sp 0x7ffe2755e368
WRITE of size 1 at 0x7275d1a36800 thread T0
    #0 0x5f667eb9a70c in handler_entry_write_memory<0, 0>::write(unsigned int, unsigned char, unsigned char) const /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hem.cpp:65:65
    #1 0x5f667df98647 in dispatch_write<0, 0, 0> /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1654:47
    #2 0x5f667df98647 in handler_entry_write_dispatch<14, 0, 0>::write(unsigned int, unsigned char, unsigned char) const /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:131:2
    #3 0x5f667c0d5d6f in dispatch_write<1, 0, 0> /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1654:47
    #4 0x5f667c0d5d6f in write_native /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:361:3
    #5 0x5f667c0d5d6f in operator() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:371:90
    #6 0x5f667c0d5d6f in memory_write_generic<0, 0, (util::endianness)0, 1, false, (lambda at ../../../../../src/emu/emumem_aspace.cpp:371:24)> /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1060:22
    #7 0x5f667c0d5d6f in address_space_specific<1, 0, 0, (util::endianness)0>::write_word_unaligned(unsigned int, unsigned short) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_aspace.cpp:393:65
    #8 0x5f666eca930e in i8086_cpu_device::write_word(unsigned int, unsigned short) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp:176:26
    #9 0x5f666ecd3988 in PutMemW /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86inline.h:406:2
    #10 0x5f666ecd3988 in i8086_common_cpu_device::i_stosw() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86inline.h:595:2
    #11 0x5f666ecc1dd3 in i8086_common_cpu_device::common_op(unsigned char) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp:2219:44
    #12 0x5f666eca9ddd in i8086_cpu_device::execute_run() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp:330:9
    #13 0x5f666ecacbbf in non-virtual thunk to i8086_cpu_device::execute_run() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/i86/i86.cpp
    #14 0x5f667f5b4398 in run /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:189:15
    #15 0x5f667f5b4398 in device_scheduler::timeslice() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14
    #16 0x5f667f49265b in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:333:17
    #17 0x5f667add9853 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19
    #18 0x5f667bb1eff7 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22
    #19 0x5f667bb219d4 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3
    #20 0x5f667addc3dd in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18
    #21 0x5f667f6cf135 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9
    #22 0x72760fe34e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #23 0x72760fe34ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
    #24 0x5f6661f1dca4 in _start (/home/user/CLionProjects/mame/mame+0x10867ca4) (BuildId: dd5b3932e72efdc3)

0x7275d1a36800 is located 0 bytes after 131072-byte region [0x7275d1a16800,0x7275d1a36800)
allocated by thread T0 here:
    #0 0x5f6662052952 in operator new[](unsigned long) (/home/user/CLionProjects/mame/mame+0x1099c952) (BuildId: dd5b3932e72efdc3)
    #1 0x5f6679c139cd in make_unique<unsigned char[]> /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/14.2.1/../../../../include/c++/14.2.1/bits/unique_ptr.h:1091:30
    #2 0x5f6679c139cd in ram_device::device_start() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/ram.cpp:174:14
    #3 0x5f667be48fc2 in device_t::start() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.cpp:542:2
    #4 0x5f667f491411 in running_machine::start_all_devices() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:1013:13
    #5 0x5f667f48fa41 in running_machine::start() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:215:2
    #6 0x5f667f491fe6 in running_machine::run(bool) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:285:3
    #7 0x5f667add9853 in mame_machine_manager::execute() /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:288:19
    #8 0x5f667bb1eff7 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:277:22
    #9 0x5f667bb219d4 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:293:3
    #10 0x5f667addc3dd in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>>&) /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:453:18
    #11 0x5f667f6cf135 in main /home/user/CLionProjects/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:100:9
    #12 0x72760fe34e07 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #13 0x72760fe34ecb in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
    #14 0x5f6661f1dca4 in _start (/home/user/CLionProjects/mame/mame+0x10867ca4) (BuildId: dd5b3932e72efdc3)